DETAILED ACTION



Priority 

1. No claim for priority has been made in this application.

The effective filing date for the subject matter defined in the pending claims in this 

application is 11/14/2003.



Election of Restriction Requirement 

2. Applicant's election of Group I filed on 4/16/2007 with respect to restriction
requirement mailed on 3/15/2007 is acknowledged and accordingly, this Office Action 
only addresses the claimed inventions of Group I as elected by Applicant. The elected 
claims of Group I include claims 1-18.

Claim Objection 

3. Claims 1 and 10 are objected to because the claim language "n • 2 in dependence
upon a source address" should be "n > 2 in dependence upon a source address". This 
is supported by its CIP (Continuous-in-part) of application number 10/440,233 on Page 
4 Line 11-12 and was confirmed by Attorney John Granchelli during a phone interview 
on 3/12/2007. Appropriate corrections are required. 

4. Claims 1 and 10 are objected to because the claim language "the level of trust"
should be "a level of trust". Appropriate corrections are required.

5. Claims 5 and 14 are objected to because the claim language "the different tables"
should be "different tables". Appropriate corrections are required. 

6. Claims 6 and 15 are objected to because the claim language "the same source
address" should be "a same source address". Appropriate corrections are required. 

7. Claims 7 and 16 are objected to because the claim language (a) "the priority of the
destination address" should be "a priority of a destination address" (b) "the appropriate 
tables" should be "appropriate tables". Appropriate corrections are required. 

8. Claims 8 and 17 are objected to because the claim language (a) "the priority of the
destination address" should be "a priority of a destination address" (b) "the tables in 
accordance with the time that each of the entries has existed in those tables" should be 
"the tables in accordance with a time that each of the entries has existed in those 
tables". Appropriate corrections are required. 

Claim Rejections - 35 USC § 112

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention.

9. Claims 1 and 10 are indefinite because the claimed recitation of "a decision 
engine" and "a scheduler" is not disclosed throughout the entire specification regarding 
its implementation as being a hardware functional entity or a software functional entity 
or a combination - according to the specification, the traffic analyzer, as shown in 
Figure 2, includes a decision engine, one or more source address tables, and a
scheduler (SPEC: Page 6 Line 25 - 27); however, each of component functionalities as
a hardware entity or a software entity or a combination is unknown throughout the entire 
specification. 

Accordingly, claims 1 and 10 are also rejected under 35 U.S.C. 101 because the 
claim is directed as an "apparatus" claim; but the claimed subject matters may be 
reasonably interpreted as being not limited to any hardware element and thereby is not 
a proper apparatus claim under 35 U.S.C. 101 that needs to include, at least, one 
hardware element. 

All dependent claims are rejected as having the same deficiencies as the
claims they depend from. 

Double Patenting 

A rejection based on double patenting of the "same invention" type finds its 
support in the language of 35 U.S.C. 101 which states that "whoever invents or 
discovers any new and useful process ... may obtain a patent therefor ..." (Emphasis 
added). Thus, the term "same invention," in this context, means an invention drawn to
identical subject matter. See Miller v. Eagle Mfg. Co., 151 U.S. 186 (1894); In re 
Ockert, 245 F.2d 467, 114 USPQ 330 (CCPA 1957); and In re Vogel, 422 F.2d 438, 164
USPQ 619 (CCPA 1970). 

A statutory type (35 U.S.C. 101) double patenting rejection can be overcome by 
canceling or amending the conflicting claims so they are no longer coextensive in
scope. The filing of a terminal disclaimer cannot overcome a double patenting rejection
based upon 35 U.S.C. 101. 

Claims 1-18 are provisionally rejected under 35 U.S.C. 101 as claiming the 
same invention as that of claim 1 - 18 of copending Application No. 10/712,103. This is 
a provisional double patenting rejection since the conflicting claims have not in fact 
been patented. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraph of 35 U.S.C. 102 that 
forms the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or 
on sale in this country, more than one year prior to the date of application for patent in the United States. 

10. Claims 1 - 2 and 10 - 11 are rejected under 35 U.S.C. 102(b) as being
anticipated by Gai et al. (U.S. Patent 6,167,445). 

As per claim 1, Gai teaches an apparatus for providing priority queuing to
packets at a network device in a communications network (Gai: Column 4 Line 14-20 
and Column 9 Line 36 - 47: priority queues are used for managing network congestion 
control), comprising: 

(i) a decision engine (Gai: Figure 5 / Element 512 and Column 10 Line 24 - 34: 
traffic management controller is qualified as a decision engine), at the network device, 
for receiving packets from the communications network and queuing each of the
packets in an available queue wherein n queues are available and n > 2 (Gai: Figure 5 /
Element 520, 522 & 532 and Column 10 Line 24 - 34 and Column 9 Line 41 - 43: 
multiple priority queues are used) in dependence upon a source address of the packet 
(Gai: Column 6 Line 27 - 30 / Line 48 - 57, Column 15 Line 50 - 54 and Figure 7C / 
Element 742 & 746: classification rules are used to associate differentiated services 
(DS) or quality of service (QoS) with different priorities of traffic management that 
corresponds QoS level to packets based on their source or destination addresses); 

(ii) a scheduler (Gai: Figure 5 / Element 522 Column 10 Line 27 - 34) for de- 
queuing packets from the queues for transmission to the network device wherein 
packets from the queue are de-queued at different rates depending on the level of trust 
associated to the source addresses (Gai: Column 2 Line 54 - 57, Column 6 Line 27 - 
30 / Line 48 - 57, Column 15 Line 50 - 54 and Figure 7C / Element 742 & 746: (a) 
priority queues are used to traverse the packets at different speeds into the network (b) 
classification rules are used to associate differentiated services (DS) or quality of 
service (QoS) with different priorities of traffic management that corresponds QoS level 
to packets based on their source or destination addresses). 

As per claim 10, Gai teaches a method of providing priority queuing to packets at 
a network device in a communications network (Gai: Column 4 Line 14 - 20 and 
Column 9 Line 36-47: priority queues are used for managing network congestion 
control), the method comprising:

(i) receiving packets from the communications network in a decision module (Gai:
Figure 5 / Element 512 and Column 10 Line 24 - 34: traffic management controller is 
qualified as a decision module) at the network device, and queuing each of the packets 
in an available queue wherein n queues are available and n > 2 (Gai: Figure 5 / Element 
520, 522 & 532 and Column 10 Line 24 - 34 and Column 9 Line 41 - 43: multiple 
priority queues are used) in dependence upon a source address of the packet (Gai: 
Column 6 Line 27 - 30 / Line 48 - 57, Column 15 Line 50 - 54 and Figure 7C / Element 
742 & 746: classification rules are used to associate differentiated services (DS) or 
quality of service (QoS) with different priorities of traffic management and further 
assigns QoS to packets based on their source or destination addresses); and 

(ii) de-queuing packets from the queues for transmission to the network device 
wherein packets from the queues are de-queued at different rates depending on a level 
of trust associated to the source addresses (Gai: Figure 5 / Element 520, 522 & 532, 
Column 2 Line 54 - 57, Column 6 Line 27 - 30 / Line 48 - 57, Column 15 Line 50 - 54 
and Figure 7C / Element 742 & 746: (a) priority queues are used to traverse the packets 
at different speeds into the network (b) classification rules are used to associate 
differentiated services (DS) or quality of service (QoS) with different priorities of traffic 
management that corresponds QoS level to packets based on their source or 
destination addresses). 

As per claim 2 and 11, Gai teaches the network device is a local area network
(LAN) (Gai: Column 1 Line 29 - 40).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are
such that the subject matter as a whole would have been obvious at the time the invention was made to a person
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the
manner in which the invention was made. 

11. Claims 3 - 6, 8, 9, 12 - 15, 17 and 18 are rejected under 35 U.S.C. 103(a) as
being unpatentable over Gai et al. (U.S. Patent 6,167,445), in view of Brock et al. (U.S.
Patent 2003/0110393).

As per claim 3 and 12, Gai teaches each of said n queues has an associated 
classification of ranking with the source address of packets (Gai: Column 15 Line 50 - 
54 and Figure 7C / Element 742 & 746, Column 6 Line 27 - 30 / Line 48 - 57). 
However, Gai does not disclose expressly each of said n queues has an associated
table with source addresses. 

Brock teaches each of said n queues has an associated table with source 
addresses ((a) Brock: Para [0009], Para [0028], Para [0012] Line 5-7, Para [0015] 
Line 10-25 and Para [0032]: by monitoring the source address to prevent the denial of 
service attacks, a plurality of signature tables are created and ranked (with different 
classifications) based on likelihood of occurrence of malicious source devices and a null 
signature is added into the signature tables corresponding to non-malicious devices 
indicating no threat to the protected device and (b) Gai: Column 6 Line 27 - 30 / Line 48
- 57, Column 15 Line 50 - 54 and Figure 7C / Element 742 & 746: Gai teaches
classification rules are used to associate different ranking (i.e. different classifications) 
with different priorities of queues that corresponds QoS level to packets based on their 
source addresses and thereby obviously, each of the n queues has an associated table 
with source addresses). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Brock within the system of Gai because 
(a) Gai teaches providing a mechanism to effectively allocate network resources and 
services when greater demands are being placed on the TCP-based network by using 
classification rules to associate different ranking (i.e. different classifications) that 
corresponds QoS level to packets based on their source or destination addresses for 
intrusion detection systems (Gai: Column 5 Line 29 - 33, Column 6 Line 27 - 30 / Line 
48 - 57, Column 15 Line 50 - 54 and Figure 7C / Element 742 & 746) and (b) Brock 
teaches maximizing efficiency, in a denial of service prevention system, by monitoring 
the source address to prevent the denial of service attacks, a plurality of signature 
tables are created and ranked (with different classifications) based on likelihood of 
occurrence of malicious source devices and a null signature is added into the signature 
tables corresponding to non-malicious devices indicating no threat to the protected 
device because the vast majority of system events may pose no threat to the protected 
device so that the system latency can be significantly decreased (Brock: Para [0012]
Line 1 - 7, Para [0009], Para [0028], Para [0012] Line 5-7, Para [0015] Line 10-25 
and Para [0032]). 



Application/Control Number: 10/712,103 Page 10 

Art Unit: 2131 

As per claim 4 and 13, Gai as modified teaches said n associated tables have 
relative priority levels ranging from legitimate to unknown (Brock: Para [0032], Para 
[0015] Line 10-25, Para [0009] and Para [0028] Line 11 - 14 & Gai: Figure 7C / 
Element 742 & 746: monitoring the source address and creating a friend / good 
signature table corresponding to non-malicious devices with null signature indicating no 
threat to the protected device (considered as legitimate source ranking) and the source 
addresses to be blocked or filtered with least ranking of trusts are considered as an 
unknown / unauthorized source ranking). 

As per claim 5 and 14, Gai as modified teaches certain legitimate source 
addresses can be pre-provisioned into the different tables according to their relative 
priorities (Brock: Para [00031] Line 5-11, Para [0009] and Para [0028] Line 11 - 14 &
Gai: Figure 7C / Element 742 & 746: pre-provisioned into different signature tables by
the 3rd party of manufacturer).

As per claim 6 and 15, Gai as modified teaches means to count source 
addresses and to place source addresses in a table having a legitimate classification 
after receiving N packets with the same source address, where N is a positive integer 
(Brock: Para [0015] Line 4-20 and Para [0009]: the source device does not pose 
threat to the protected device is added into the signature table and the occurrence data 
N must be positive (i.e. at least occur once) to meet the claim language).

As per claim 8 and 17, Gai as modified teaches the decision engine is operable
to remove entries from the tables in accordance with the time that each of the entries 
has existed in those tables (Brock: Para [0015], Page 2, Right Column, Line 4 - 10: a
null signature (i.e. an associated good / friend source device) may be removed after the 
expiration of a predetermined interval of time during which the associated signature 
event has not been detected, or simply after a predetermined time).

As per claim 9 and 18, Gai as modified teaches the decision engine is operable 
to discard packets from the queues in accordance with a RED (Random Early Drop) 
algorithm (Gai: Column 4 Line 35 - 40). 

12. Claims 7 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gai et al. (U.S. Patent 6,167,445), in view of Brock et al. (U.S. Patent 2003/0110393),
and in view of Devarakonda et al. (U.S. Patent 2001/0052024).

As per claim 7 and 16, Gai teaches each of said n queues has an associated 
classification of ranking with the destination address (besides the source address) of 
packets (Gai: Column 15 Line 50 - 54 and Figure 7C / Element 742 & 746, Column 6 
Line 27 - 30 / Line 48 - 57). However, Gai does not disclose expressly an outgoing 
packet monitor to recognize TCP FIN packets and to instruct the decision engine to 
update the priority of the destination address of these TCP FIN packets and to put these
addresses into the appropriate tables.

Devarakonda teaches an outgoing packet monitor to recognize TCP FIN packets
and to instruct the decision engine to update the priority of the destination address of 
these TCP FIN packets and to put these addresses into the appropriate tables ((a) 
Devarakonda: Para [0026] Line 4 - 9 and Para [0027] Line 1 - 3: an affinity table (i.e. 
good table) is maintained upon the TCP FIN packet indicating the connection is closed 
and the affinity table includes the client, proxy, and the server node IP address 
(obviously including source and destination addresses) and (b) Gai: Column 15 Line 50
- 54, Column 6 Line 27 - 30 / Line 48 - 57 and Figure 7C / Element 742 & 746: Gai 
teaches classification rules are used to associate different ranking (i.e. different 
classifications) with different priorities of queues that corresponds QoS level to packets 
based on their destination addresses and thereby obviously, an outgoing packet monitor 
to recognize TCP FIN packets and to instruct the decision engine to update the priority 
of the destination address of these TCP FIN packets and to put these addresses into 
the appropriate tables). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Devarakonda within the system of Gai 
because (a) Gai teaches providing a mechanism to effectively allocate network 
resources and services when greater demands are being placed on the TCP-based 
network by using classification rules to associate different ranking (i.e. different 
classifications) that corresponds QoS level to packets based on their source or
destination addresses for intrusion detection systems (Gai: Column 5 Line 29 - 33, 
Column 6 Line 27 - 30 / Line 48 - 57, Column 15 Line 50 - 54 and Figure 7C / Element
742 & 746) and (b) Devarakonda teaches improving efficiency, in a TCP-based routing
network, by providing an affinity table (i.e. good table) is maintained upon the TCP FIN 
packet indicating the connection is closed and the affinity table includes the client, 
proxy, and the server node IP address (obviously including source and destination 
addresses) so that the overhead for affinity routing and load balancing can be 
minimized (Devarakonda: Para [0020], Para [0026] Line 4 - 9 and Para [0027] Line 1 - 
3). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 571-272-3788. 
The examiner can normally be reached on Monday-Friday 9:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




Longbit Chai, Ph.D. 
Patent Examiner 
Art Unit 2131 
4/8/2007 



